aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.4k stars 2.11k forks

Login flow - random User cancelled OAuth flow errors #13393

Open Lirontal1 opened 2 months ago

Lirontal1 commented 2 months ago

Before creating a new issue, please confirm:

On which framework/platform are you having an issue?

React

Which UI component?

Authenticator

How is your app built?

React App using Vite

What browsers are you seeing the problem on?

Chrome

Which region are you seeing the problem in?

No response

Please describe your bug.

We're using Amplify as our 3rd party library for logging in with Cognito. We're seeing some users get User cancelled OAuth flow randomly when trying to log in. I've looked at Amplify's code base, and can confirm the users have BOTH state & code in the URL, and they do not go back using the browser. In the hub listener we have in our app, we log out the user when we receive a signInWithRedirect_failure event, so it logs them out.

What's the expected behaviour?

Users should always be able to log in without any trouble

Help us reproduce the bug!

Unsure, it's really random and I didn't find a reproducible way

Code Snippet

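// Put your code below this line.
import { Hub } from 'aws-amplify/utils';

// logout() and navigate() are the app's own helpers (not shown in the post).
const unsubscribe = Hub.listen('auth', ({ payload }) => {
  switch (payload.event) {
    // ... (other cases elided in the original post)
    case 'signInWithRedirect_failure':
      // Any redirect sign-in failure signs the user out and reloads the page.
      logout();
      navigate('');
      console.error(`[authentication error]: LOGIN FAIL: ${JSON.stringify(payload.data.error?.message)}`);
      document.location.reload();
      break;
    // ... (other cases elided in the original post)
    default:
      break;
  }
});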

Console log output

[authentication error]: LOGIN FAIL: "User cancelled OAuth flow."

Additional information and screenshots

No response

calebpollman commented 2 months ago

@Lirontal1 Thanks for opening this, transferring to the Amplify JS repo for investigation

israx commented 2 months ago

Hello @Lirontal1. Getting the User cancelled OAuth flow error and receiving code and state in the query params should be mutually exclusive. Usually that error is thrown as long as the user clicks the browser's back button.

Do you have some user metadata that you can provide so we can try to identify the issue?
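
A diagnostic for the situation discussed above (the cancel error arriving even though code and state are both in the URL), as an added example that is not part of the thread or of Amplify's code. It summarises the callback URL for a bug report while recording only the presence and length of code and state, never their values. describeOAuthCallback and its output fields are hypothetical names, and it assumes the URL is captured at page load, before anything rewrites the address bar.

```javascript
// Added diagnostic example; not Amplify's code. All names here are hypothetical.

// Parameters an OAuth 2.0 authorization response can carry on the redirect URI.
const CALLBACK_PARAMS = ['code', 'state', 'error', 'error_description'];

// The message shown in this thread's console output.
const CANCELLED_MESSAGE = 'User cancelled OAuth flow.';

/**
 * Summarise a redirect callback without recording secret values.
 * href: the callback URL as captured at page load (assumption).
 * errorMessage: the message from the signInWithRedirect_failure payload.
 */
function describeOAuthCallback(href, errorMessage) {
  const url = new URL(href);
  const params = {};
  for (const name of CALLBACK_PARAMS) {
    const value = url.searchParams.get(name);
    if (value === null) {
      params[name] = { present: false };
    } else if (name === 'code' || name === 'state') {
      // The authorization code and state are sensitive: keep the length only.
      params[name] = { present: true, length: value.length };
    } else {
      // Error fields are not credentials; keep a bounded copy.
      params[name] = { present: true, value: value.slice(0, 200) };
    }
  }
  const hasCodeAndState = params.code.present && params.state.present;
  return {
    path: url.origin + url.pathname, // query string and fragment dropped
    params,
    errorMessage,
    // The combination reported in this thread: cancel error with code and state present.
    contradictory: errorMessage === CANCELLED_MESSAGE && hasCodeAndState,
  };
}

// Constructed sample callback URL (not real values).
const sample =
  'https://app.example.com/login?code=abc123-constructed&state=xyz789-constructed';
console.log(JSON.stringify(describeOAuthCallback(sample, CANCELLED_MESSAGE), null, 2));
```

The returned object can be attached to a bug report or sent to telemetry from the signInWithRedirect_failure branch of the Hub listener, since it contains no replayable values.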

israx commented 2 months ago

We had a similar issue and a customer solved it by changing some app routes. Could that solution applied here solve your issue?

ronbhomri commented 1 month ago

@israx it happens to several users, all of whom use SAML for login (Okta, Azure AD, etc.). We can see in the session recording that all the users return to our login page with the code and state in the URL, but in Hub.listen we get signInWithRedirect_failure. The second time it usually works.

israx commented 1 month ago

Hello @ronbhomri. Could you provide a sample app that can help us reliably reproduce this issue?

cwomack commented 1 month ago

@Lirontal1 or @ronbhomri, wanted to check in and see if either of you are able to help us reproduce this better via a sample app per @israx's request above. Let us know if this is still a blocker for you, thanks!

ronbhomri commented 1 month ago

@cwomack we shared a sample repo here. Thanks!

israx commented 1 month ago

Hello @ronbhomri. I was not able to reproduce the issue based on the provided app. Could you specify the steps to reliably reproduce it?

ronbhomri commented 1 month ago

@israx it usually happens when you try to log in via a SAML connection (for example Okta)

cwomack commented 4 weeks ago

@ronbhomri, can you provide the entirety of the network logs that you see when attempting to sign in and experiencing this? It's sounding like there's an issue happening when trying to redirect back from the federation from the Okta side.

cwomack commented 3 weeks ago

@Lirontal1 or @ronbhomri, is either one of you able to confirm/provide any further details about the network logs? Thanks.

ronbhomri commented 3 weeks ago

@cwomack Can it be related to the internet connection? We have experienced a lot of network connection issues lately and we think it has something to do with it

ronbhomri commented 2 weeks ago

@cwomack or @israx, can you answer the above question? I believe it has something to do with a poor internet connection